Chapter 12. Web App Security: Keep it secret, keep it safe


Your web app is in danger. Trouble lurks in every corner of the network, as crackers, scammers, and criminals try to break into your system to steal, take advantage, or just have a little fun with your site. You don’t want the Bad Guys listening in to your online store transactions, picking off credit card numbers. You don’t want the Bad Guys convincing your server that they’re actually the Special Customers Who Get Big Discounts. And you don’t want anyone (good OR bad) looking at sensitive employee data. Does Jim in marketing really need to know that Lisa in engineering makes three times as much as he does? And do you really want Jim to take matters into his own hands and log in (unauthorized) to the UpdatePayroll servlet?

OBJECTIVES

Web Application Security

5.1

Based on the servlet specification, compare and contrast the following security issues: (a) authentication, (b) authorization, (c) data integrity, and (d) confidentiality.

5.2

In the deployment descriptor, declare the following: a security constraint, a Web resource, the transport guarantee, the login configuration, and a security role.

5.3

Given an authentication type (BASIC, DIGEST, FORM, and CLIENT-CERT), describe its mechanism.
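As an added illustration of objectives 5.2 and 5.3 (this fragment is not from the book), here is a web.xml that declares every DD element the objectives name, protecting the UpdatePayroll servlet from the chapter intro. The role name "Payroll", the URL pattern, the servlet class and the login page names are assumptions.

```xml
<!-- Added example (not from the book): restricts UpdatePayroll to the assumed "Payroll" role -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <servlet>
    <servlet-name>UpdatePayroll</servlet-name>
    <servlet-class>com.example.payroll.UpdatePayrollServlet</servlet-class> <!-- assumed -->
  </servlet>
  <servlet-mapping>
    <servlet-name>UpdatePayroll</servlet-name>
    <url-pattern>/UpdatePayroll</url-pattern>
  </servlet-mapping>

  <!-- (5.2) security constraint: WHICH resources, WHO may use them, HOW they travel -->
  <security-constraint>
    <!-- the Web resource being protected; no <http-method> is listed, so the
         constraint covers every HTTP method (listing only GET/POST would leave
         the others unprotected) -->
    <web-resource-collection>
      <web-resource-name>Payroll updates</web-resource-name>
      <url-pattern>/UpdatePayroll</url-pattern>
    </web-resource-collection>
    <!-- authorization: only authenticated users in the Payroll role get through;
         Jim from marketing gets a 403 from the container -->
    <auth-constraint>
      <role-name>Payroll</role-name>
    </auth-constraint>
    <!-- transport guarantee: CONFIDENTIAL makes the container require SSL,
         giving confidentiality and data integrity for the request -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- (5.3) login configuration: FORM authentication with app-supplied pages
       (the alternatives are BASIC, DIGEST and CLIENT-CERT) -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- every role referenced in an <auth-constraint> must be declared -->
  <security-role>
    <role-name>Payroll</role-name>
  </security-role>
</web-app>
```

The container maps the declared role to real users or groups in a vendor-specific way, so the DD itself never names a user.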

Coverage Notes:

All of the objectives in this section are covered completely in this chapter, including security-related DD elements that were NOT ...
